It is an ethical dilemma that I think is very important to cover. The problem that we've seen so far is with governments buying zero-day vulnerabilities, meaning vulnerabilities that are not known to the vendor who is there to patch them. These are currently being used in warfare to extract information or intelligence that is currently unknown to them. By not disclosing that to the vendor, you're also putting your consumers or citizens at risk by not disclosing that.
We believe that zero-day vulnerabilities should be reported to the vendor no matter what, but we're addressing that from a different side. We're addressing that by leveraging the hacker community to find the same vulnerabilities that either their government or criminals have found, which will then be disclosed to the vendor directly. That is our way of making sure that those vulnerabilities are becoming known to the vendor.
It would be amazing, in my opinion, if the government would also have a law like that, because I don't believe it is worth the risk for your own citizens. However, I think we're far away from having that today.